Sherman's Security Blog
I am Sherman Hand. (also known as Policysup) I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down to earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations,re posts, or information that is already in the public domain.

As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:

Security bulletin advance notifications

Security bulletin summaries

New security advisories and bulletins

Major and minor revisions to security advisories and bulletins

In order to stay up-to-date on things, Microsoft encouraged subscribers to use their RSS service, which offers the same information.

The closure notifications came suddenly, causing confusion among some subscribers. However, Microsoft says the change is due to a new law in Canada, which goes into effect on the same day.

Canada’s anti-spam law would require organizations to obtain consent for bulk email lists, requiring customers or prospective customers to complete an explicit opt-in process, else the company could face a $10M CAD fine for sending mass notifications.

It isn’t clear why Microsoft has suddenly altered the 12-year-old notification system. In 2002, the email lists were created as a way to coordinate Patch Tuesday updates and keep IT professionals in the loop about security-related alerts. Under the new anti-spam laws, Microsoft would be exempt from the fines.

Microsoft would be exempt from such a penalty, because the law offers protection for those who maintain lists for “…warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased…”

Until July 13, Microsoft will register those who opt-in to their mailing lists for a drawing that promises a $500 CDN Microsoft gift voucher.